SystemLook 30.07.11 by jpshortstuff
Log created at 20:25 on 15/01/2013 by MikoBaj
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC]
"Start"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\cscsvc.dll,-202"
"ErrorControl"= 0x0000000001 (1)
"Group"="network"
"ImagePath"="system32\drivers\csc.sys"
"Tag"= 0x0000000009 (9)
"Type"= 0x0000000001 (1)
"Description"="@%systemroot%\system32\cscsvc.dll,-203"
"DependOnService"="rdbss"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC\Parameters]
"OnlineCachingLatencyThreshold"= 0x0000007d00 (32000)
"PeerCachingLatencyThreshold"= 0x0000000050 (80)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DfsC]
"DisplayName"="@%systemroot%\system32\drivers\dfsc.sys,-101"
"Group"="Network"
"ImagePath"="System32\Drivers\dfsc.sys"
"Description"="@%systemroot%\system32\drivers\dfsc.sys,-102"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000002 (2)
"DependOnService"="Mup"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DfsC\Enum]
"0"="Root\LEGACY_DFSC\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)
"INITSTARTFAILED"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
"DisplayName"="@%SystemRoot%\system32\drivers\netbt.sys,-2"
"Group"="PNP_TDI"
"ImagePath"="System32\DRIVERS\netbt.sys"
"Description"="@%SystemRoot%\system32\drivers\netbt.sys,-1"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"DependOnService"="Tdx tcpip"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage]
"OtherDependencies"="Tcpip"
"Bind"="\Device\Tcpip_{E92A1823-A924-4B60-B82A-0195B4CA3535} \Device\Tcpip_{CF18C9A4-DBDF-454C-8FDF-4F6009A13FB2} \Device\Tcpip6_{A9E43278-524D-429C-BC74-980B7D198577} \Device\Tcpip6_{00B23099-A4D1-4A74-8D7F-52C89E6A213E} \Device\Tcpip6_{E92A1823-A924-4B60-B82A-0195B4CA3535}"
"Route"=""Tcpip" "{E92A1823-A924-4B60-B82A-0195B4CA3535}"
"Tcpip" "{CF18C9A4-DBDF-454C-8FDF-4F6009A13FB2}" "Tcpip6" "{A9E43278-524D-429C-BC74-980B7D198577}" "Tcpip6" "{00B23099-A4D1-4A74-8D7F-52C89E6A213E}" "Tcpip6" "{E92A1823-A924-4B60-B82A-0195B4CA3535}""
"Export"="\Device\NetBT_Tcpip_{E92A1823-A924-4B60-B82A-0195B4CA3535} \Device\NetBT_Tcpip_{CF18C9A4-DBDF-454C-8FDF-4F6009A13FB2} \Device\NetBT_Tcpip6_{A9E43278-524D-429C-BC74-980B7D198577} \Device\NetBT_Tcpip6_{00B23099-A4D1-4A74-8D7F-52C89E6A213E} \Device\NetBT_Tcpip6_{E92A1823-A924-4B60-B82A-0195B4CA3535}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"BcastNameQueryCount"= 0x0000000003 (3)
"BcastQueryTimeout"= 0x00000002ee (750)
"CacheTimeout"= 0x00000927c0 (600000)
"EnableLMHOSTS"= 0x0000000001 (1)
"NameServerPort"= 0x0000000089 (137)
"NameSrvQueryCount"= 0x0000000003 (3)
"NameSrvQueryTimeout"= 0x00000005dc (1500)
"NbProvider"="_tcp"
"SessionKeepAlive"= 0x000036ee80 (3600000)
"Size/Small/Medium/Large"= 0x0000000001 (1)
"TransportBindName"="\Device\"
"UseNewSmb"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{CF18C9A4-DBDF-454C-8FDF-4F6009A13FB2}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E92A1823-A924-4B60-B82A-0195B4CA3535}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Security]
"Security"=01 00 04 80 b4 00 00 00 c0 00 00 00 00 00 00 00 14 00 00 00 02 00 a0 00 07 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00
00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

========== filefind ==========

Searching for "netbt.sys"
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91

Searching for "csc.sys"
C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys --a---- 387584 bytes [23:15 13/07/2009] [23:15 13/07/2009] 27C9490BDD0AE48911AB8CF1932591ED

Searching for "dfsc.sys"
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB

Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [19:40 28/02/2012] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [23:22 14/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [23:22 14/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [13:51 27/02/2011] [08:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [23:22 14/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

-= EOF =-